我在想,如果他們是一種方法來防止某些命令被執行,以防止有時不良操作(例如,當你執行「rm *。py」時你想執行「rm *。pyc」或類似的東西)。Bash - 隱藏命令(防止不良操作)
人們會說用戶的責任是檢查他的輸入,這是正確的,但無論如何我想知道是否有辦法。
對於 「基本」 的事情,我們可以使用別名在我們的.bashrc這樣的:
alias apt-get="echo 'We use aptitude here !'"
alias sl="echo 'Did you mean ls ?'"
但對於一些包含 「RM -f *的.py」(或 「室射頻/」)參數,這個簡單的把戲不起作用。 當然,我只是想要一個基本的方法來防止執行確切的命令(相同的空格和相同的參數排序將是一個好的開始)。
非常感謝你對你的答案。
好了,你可以用把自己的路組件之一中的所有其他人面前的由來已久的做法:
PATH=~/safebin:$PATH
,然後在~/safebin,你把那些「更安全」的腳本像rm:
#!/bin/bash
for fspec in "[email protected]" ; do
if [[ "${fspec: -3}" = ".py" ]] ; then
echo Not removing ${fspec}, use /bin/rm if you really want to.
else
echo Would /bin/rm "${fspec}" but for paranoia.
fi
done
爲rm *該腳本輸出:
Would /bin/rm chk.sh but for paranoia.
Would /bin/rm go but for paranoia.
Would /bin/rm go.sh but for paranoia.
Would /bin/rm images but for paranoia.
Would /bin/rm images_renamed but for paranoia.
Would /bin/rm infile.txt but for paranoia.
Would /bin/rm jonesforth.S but for paranoia.
Would /bin/rm jonesforth.f but for paranoia.
Would /bin/rm mycode.f but for paranoia.
Would /bin/rm num1.txt but for paranoia.
Would /bin/rm num2 but for paranoia.
Would /bin/rm num2.txt but for paranoia.
Would /bin/rm proc.pl but for paranoia.
Would /bin/rm qq but for paranoia.
Would /bin/rm qq.c but for paranoia.
Would /bin/rm qq.cpp but for paranoia.
Would /bin/rm qq.in but for paranoia.
Not removing qq.py, use /bin/rm if you really want to.
Would /bin/rm qq.rb but for paranoia.
Would /bin/rm qq.s but for paranoia.
Would /bin/rm qq1 but for paranoia.
Would /bin/rm qq2 but for paranoia.
Would /bin/rm qqq but for paranoia.
Would /bin/rm rm but for paranoia.
Would /bin/rm source.f90 but for paranoia.
Would /bin/rm test.txt but for paranoia.
Would /bin/rm xx but for paranoia.
Not removing xx.py, use /bin/rm if you really want to.
現在顯然"${fspec: -3}" = ".py"是一個簡單的和黑名單。我可能更喜歡有一個白名單,我被允許刪除並拒絕其他一切。
下面是基於正則表達式白名單版本:
#!/bin/bash
for fspec in "[email protected]" ; do
del=0
if [[ ! -z "$(echo "${fspec}" | grep 'a.e')" ]] ; then
del=1
fi
if [[ ! -z "$(echo "${fspec}" | grep '\.[Ss]$')" ]] ; then
del=1
fi
if [[ ${del} -ne 1 ]] ; then
echo "Not removing ${fspec}, use /bin/rm if you want."
else
echo " Removing ${fspec}"
#/bin/rm "${fspec}
fi
done
,輸出:
Not removing chk.sh, use /bin/rm if you want.
Not removing go, use /bin/rm if you want.
Not removing go.sh, use /bin/rm if you want.
Removing images
Removing images_renamed
Not removing infile.txt, use /bin/rm if you want.
Removing jonesforth.S
Not removing jonesforth.f, use /bin/rm if you want.
Not removing mycode.f, use /bin/rm if you want.
Not removing num1.txt, use /bin/rm if you want.
Not removing num2, use /bin/rm if you want.
Not removing num2.txt, use /bin/rm if you want.
Not removing proc.pl, use /bin/rm if you want.
Not removing qq, use /bin/rm if you want.
Not removing qq.c, use /bin/rm if you want.
Not removing qq.cpp, use /bin/rm if you want.
Not removing qq.in, use /bin/rm if you want.
Not removing qq.py, use /bin/rm if you want.
Not removing qq.rb, use /bin/rm if you want.
Removing qq.s
Not removing qq1, use /bin/rm if you want.
Not removing qq2, use /bin/rm if you want.
Not removing qqq, use /bin/rm if you want.
Not removing rm, use /bin/rm if you want.
Not removing source.f90, use /bin/rm if you want.
Not removing test.txt, use /bin/rm if you want.
Not removing xx, use /bin/rm if you want.
Not removing xx.py, use /bin/rm if you want.
感謝您的回答。畢竟這可能是最好的解決方案!我可能會考慮在python中使用一些腳本來提高可讀性(如果我鬆散python,直接使用/ bin/rm),但是你的bash腳本似乎做得很好! – ThR37 2010-08-18 12:43:36
你也可以使用較少知道的命令「命令」(其類似於「內建」命令)來創建限制性RM包裝:
help builtin command | less
# test example using ls instead of rm
function ls() {
for ((i=1; i<=$#; i++)); do
arg="${@:i:1}"
echo "arg ${i}: ${arg}"
[[ "${arg}" == \*.py ]] && { echo "Not allowed: ${arg}"; return 1; }
done
command ls "${@}"
return 0
}
ls -a
ls -a *.py
如果命令被別名或函數覆蓋,您可能需要使用'builtin command ls「$ {@}」' – lesmana 2010-08-20 11:39:09
更正我的功能LS例如:
[[ "${arg}" != \*.py ]] && [[ "${arg}" == *.py ]] && \
{ echo "Not allowed: ${arg}"; return 1; }
然後:
ls -a *.py
# ... and also play with modified shell wildcard expansion behaviour ...
(shopt -s nullglob; ls -a *.py)
ThR37說:
這裏的基礎上,一個簡短的Python腳本簡單地包裝命令如「rm」的想法。 猛砸包裝也許是一個更好的主意,但我喜歡的Python :):
#!/usr/bin/python
# coding=UTF-8
import getopt, sys
import subprocess
import re
exprs=[]
exprs.append(re.compile(".*\.py$"));
exprs.append(re.compile(".*\.cpp$"));
exprs.append(re.compile(".*\.hpp$"));
exprs.append(re.compile("\*$"));
def main():
try:
opts, args = getopt.getopt(sys.argv[1:], "Rrfiv", ["interactive","no-preserve-root","preserve-root","recursive","verbose","help","version"])
except getopt.GetoptError, err:
# print help information and exit:
print str(err)
usage()
optsString = "".join([opt[0]+opt[1]+" " for opt in opts]);
for arg in args:
tab = [expr.match(arg) for expr in exprs];
if tab.count(None)!=len(tab):
print "Not removing "+str(arg);
else
cmd = ["/bin/rm"]+[opt[i] for opt in opts for i in range(2) if not opt[i]=='']+[str(arg)];
rmfile = subprocess.Popen(cmd)
if __name__=="__main__":
main();
注意,它是一個擴展的通配符的外殼,讓你的程序或功能將永遠不會真正*參見*'* .py'。它會看到的所有內容都是通過匹配'* .py'的結果,即匹配該模式的文件列表。 (或者,如果沒有,則爲'* .py';如果爲'shopt -s nullglob',則爲空字符串。) – janmoesen 2010-08-18 11:39:41
依賴同名替換來替代'rm'等東西是個壞主意。它所需要的只是一次不可用而Bam!你的文件不見了,因爲安全網不在那裏。如果你想使用網絡,你應該使用不同的名稱(例如「安全」)。 – 2010-08-18 15:26:53
@Dennis Williamson:對,你說得對,使用不同的名字可能會更好,但實際上並不是因爲你的原因(至少如果你使用你的「rm」命令就像原來的那樣(沒有直接利用「rm *不刪除我的源代碼,所以我總是可以使用它「))。但問題可能是更多的Makefiles或安裝腳本,不知道你的「RM」不是一個標準的,你可以創造巨大的副作用... – ThR37 2010-08-19 08:36:58